Update: Platform-A’s official statement on the breach. Original Story below the fold.
Platform-A has determined that the servers that host Third Screen Media’s corporate web site were breached during the weekend of June 6-8, 2008. The breach resulted in malicious code and web pages being loaded on the web server. Third Screen Media’s web site is supported by a third-party hosting provider, which is completely separate from its production ad-serving systems. We have confirmed that the company’s advertising systems have not been impacted and remain secure.
The site has been taken down and all malicious content has been removed. Platform-A’s technical staff is investigating the breach to determine the appropriate changes necessary to secure the systems. Once the appropriate changes have been made, the site will be made operational again.
Jeff Bentley, a reader of our site accidentally stumbled into what seems like a hack by spammers of Third Screen Media, a mobile advertising company that was acquired by AOL in 2007 for $107 million and is now part of Platform A.
While surfing on his Blackberry browser, Bentley found that somehow one his sites had been hacked and there were some spammy links embedded in the header of the pages on that site. All the links were emerging out of Third Screen Media’s domain and were pages built for pharmaceuticals related spam. Essentially Third Screen is serving as a spam-farm for someone. We have written in the past about how WordPress themes are being used to embed spam links and other nefarious stuff. (He has links to everything on his blog.)
Anyway this brings up the question: how secure is Platform A’s ThirdScreenMedia? Or is it someone from within who is mucking around and using the company’s domain to serve up spam. Blame it on the gorgeous blue skies this morning, but I am having a hard time thinking that ThirdScreen themselves could be to blame and offering spam-links as a service ;-).
PS: I will update the post after I hear back from Platform A.